Closed
Bug 1382977
Opened 7 years ago
Closed 7 years ago
Crash in CContext::ID3D11DeviceContext1_SetShaderResources_<T>
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1382829
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox54 | --- | unaffected |
firefox55 | --- | unaffected |
firefox56 | --- | fixed |
People
(Reporter: philipp, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
This bug was filed from the Socorro interface and is report bp-c9a2d8c5-60dd-4436-9602-cd4d60170720. ============================================================= Crashing Thread (4) Frame Module Signature Source 0 d3d11.dll CContext::ID3D11DeviceContext1_SetShaderResources_<5, 4>(ID3D11DeviceContext1*, unsigned int, unsigned int, ID3D11ShaderResourceView* const*) 1 xul.dll mozilla::layers::MLGDeviceD3D11::SetPSTextures(unsigned int, unsigned int, mozilla::layers::TextureSource* const*) gfx/layers/d3d11/MLGDeviceD3D11.cpp:1684 2 xul.dll mozilla::layers::MLGDevice::SetPSTexturesYUV(unsigned int, mozilla::layers::TextureSource*) gfx/layers/mlgpu/MLGDevice.cpp:232 3 xul.dll mozilla::layers::VideoRenderPass::SetupPipeline() gfx/layers/mlgpu/RenderPassMLGPU.cpp:790 4 xul.dll mozilla::layers::ShaderRenderPass::ExecuteRendering() gfx/layers/mlgpu/RenderPassMLGPU.cpp:314 5 xul.dll mozilla::layers::RenderViewMLGPU::ExecutePass(mozilla::layers::RenderPassMLGPU*) gfx/layers/mlgpu/RenderViewMLGPU.cpp:468 6 xul.dll mozilla::layers::RenderViewMLGPU::ExecuteRendering() gfx/layers/mlgpu/RenderViewMLGPU.cpp:421 7 xul.dll mozilla::layers::FrameBuilder::Render() gfx/layers/mlgpu/FrameBuilder.cpp:107 8 xul.dll mozilla::layers::LayerManagerMLGPU::RenderLayers() gfx/layers/mlgpu/LayerManagerMLGPU.cpp:374 9 xul.dll mozilla::layers::LayerManagerMLGPU::Composite() gfx/layers/mlgpu/LayerManagerMLGPU.cpp:317 10 xul.dll mozilla::layers::LayerManagerMLGPU::EndTransaction(mozilla::TimeStamp const&, mozilla::layers::LayerManager::EndTransactionFlags) gfx/layers/mlgpu/LayerManagerMLGPU.cpp:276 11 xul.dll mozilla::layers::CompositorBridgeParent::CompositeToTarget(mozilla::gfx::DrawTarget*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) gfx/layers/ipc/CompositorBridgeParent.cpp:1041 12 xul.dll mozilla::layers::CompositorVsyncScheduler::Composite(mozilla::TimeStamp) gfx/layers/ipc/CompositorVsyncScheduler.cpp:262 13 xul.dll mozilla::detail::RunnableMethodImpl<mozilla::layers::CompositorVsyncScheduler* const, void ( mozilla::layers::CompositorVsyncScheduler::*)(mozilla::TimeStamp), 1, 1, mozilla::TimeStamp>::Run() obj-firefox/dist/include/nsThreadUtils.h:1187 14 xul.dll MessageLoop::RunTask(already_AddRefed<nsIRunnable>) ipc/chromium/src/base/message_loop.cc:443 15 xul.dll MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask&&) ipc/chromium/src/base/message_loop.cc:451 16 xul.dll MessageLoop::DoWork() ipc/chromium/src/base/message_loop.cc:526 17 xul.dll base::MessagePumpForUI::DoRunLoop() ipc/chromium/src/base/message_pump_win.cc:212 18 xul.dll base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpWin::Dispatcher*) ipc/chromium/src/base/message_pump_win.cc:56 19 xul.dll base::MessagePumpWin::Run(base::MessagePump::Delegate*) ipc/chromium/src/base/message_pump_win.h:80 20 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:313 21 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:293 22 xul.dll base::Thread::ThreadMain() ipc/chromium/src/base/thread.cc:181 23 xul.dll `anonymous namespace'::ThreadFunc ipc/chromium/src/base/platform_thread_win.cc:28 24 kernel32.dll BaseThreadInitThunk 25 mozglue.dll patched_BaseThreadInitThunk mozglue/build/WindowsDllBlocklist.cpp:815 26 ntdll.dll __RtlUserThreadStart 27 ntdll.dll _RtlUserThreadStart crash reports with this signature first started up on 56.0a1 build 20170718030207 when advanced layers were enabled for win7 in bug 1379731. three quarters of the reports show crashes happening in the gpu process, the rest in the main browser process. a number of crash reports have an address indicating a UAF situation, so i'll mark this bug as security sensitive.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Comment 2•7 years ago
|
||
Al, this was fixed in nightly in bug 1382829, which is marked as a sec-critical issue and un-hidden, back in July. Does this need a security advisory for 56?
Flags: needinfo?(abillings)
Comment 3•7 years ago
|
||
Liz, 55 was unaffected so we never shipped the issue to the public. As such, it won't be going into any advisories.
Flags: needinfo?(abillings)
Updated•7 years ago
|
Updated•6 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•